Securing the virtual education sector

In 2019, the education sector was rated as one of the top sectors targeted with ransomware attacks, a statistic that is likely to continue to increase.

The impact of COVID-19 forced K-12 schools across the world to rapidly migrate to virtual learning and, with children now returning to school, the cyber component will continue to be important.

To recreate the culture and supervision of face-to-face teaching, K-12 schools responded by quickly moving classes online. State departments also rolled out online training for students and teachers, as well as loaned WiFi modems to students in need. While these schools should be applauded for their prompt action, the sudden move to enable students to access classes from home through personal devices resulted in an expanded attack surface, making schools potentially more vulnerable to cyber threats.

Historically, tertiary institutions were viewed by cybercriminals as ‘soft targets’ since they hold valuable personal data. However, as more K-12 schools rely on web-based platforms and mobile technologies to facilitate learning, they are increasingly on the radar of cybercriminals due to their lack of technical resources or security personnel.

In fact, in 2019, the education sector was rated as one of the top sectors targeted with ransomware attacks, a statistic that is likely to continue to increase in the current COVID-19 climate. As more devices connect to the school network to enable connected classrooms, schools have a responsibility to take stock of their cyber risk and address it.

But there are steps that schools can take to quickly improve their security posture and the solution doesn’t lie in throwing money at the problem.

Adopt a risk-based approach to vulnerability management
As the first line of defence against cyber threats, schools should adopt a risk-based vulnerability management program to continuously monitor their network in real time while identifying and prioritising vulnerabilities that could be exploited by bad actors.

By taking a risk-based approach to vulnerability management, IT teams can focus on the vulnerabilities and assets that matter most, so they can address the school’s true business risk instead of wasting their valuable time on vulnerabilities that have a low likelihood of being exploited.

Practise cyber hygiene
Practising basic cyber hygiene such as patching systems and using strong authentication mechanisms can significantly reduce risk. Creating and maintaining unique codes for digital accounts held by students and teachers minimises the chances of an account being compromised.

Research from Ponemon found that one-third of organisations that experienced a breach knew about the vulnerability that caused it. While many believe advanced threats pose the biggest risk, they only make up a small percentage of all risks. The vast majority of data breaches today are the result of known but unpatched vulnerabilities.

Optimise resources by prioritising threats
With so many threat vectors and vulnerabilities emerging, it’s difficult to know what to focus on. The problem is compounded by the fact that schools have limited resources and many lack the data and insight they need to prioritise remediation based on the level of risk posed to the institution. This leaves them exposed to excessive and unnecessary cyber risk.

To counter this challenge, security teams need to prioritise remediation based on actual cyber risk, combining asset criticality, vulnerability severity and exploit availability. This is essential to securing their attack surface.

In doing so, security teams can focus on the vulnerabilities that are being actively exploited by threat actors rather than those that could only theoretically be used. This will save time, improve security, and optimise team performance.
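
An added example, not part of the original article: one way to combine the three factors named above into a single remediation ranking, showing a 6.5-severity flaw under active exploitation on a records system outranking a 9.8-severity flaw on a low-value kiosk. The multipliers, the 1-5 criticality scale, the asset names and the VULN-x identifiers are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed multipliers for exploit availability (illustrative, not from the article).
EXPLOIT_FACTOR = {"none": 0.4, "public_poc": 0.8, "active": 1.0}

@dataclass(frozen=True)
class Finding:
    asset: str
    vuln: str          # constructed placeholder identifier
    severity: float    # 0-10 base severity score
    criticality: int   # assumed scale: 1 (low-value asset) to 5 (holds student records)
    exploit: str       # one of EXPLOIT_FACTOR's keys

def risk_score(f: Finding) -> float:
    """Scale severity by exploit availability and asset criticality (0-100)."""
    if not 0 <= f.severity <= 10:
        raise ValueError(f"severity out of range: {f.severity}")
    if f.criticality not in range(1, 6):
        raise ValueError(f"criticality out of range: {f.criticality}")
    if f.exploit not in EXPLOIT_FACTOR:
        raise ValueError(f"unknown exploit state: {f.exploit}")
    return round(f.severity * 10 * EXPLOIT_FACTOR[f.exploit] * f.criticality / 5, 1)

def prioritise(findings):
    """Highest risk first; ties broken by asset name for a stable work queue."""
    return sorted(findings, key=lambda f: (-risk_score(f), f.asset))

# Constructed sample findings for a school network.
FINDINGS = [
    Finding("library-kiosk-07", "VULN-A", 9.8, 1, "none"),
    Finding("student-records-db", "VULN-B", 6.5, 5, "active"),
    Finding("lms-web-frontend", "VULN-C", 7.5, 4, "public_poc"),
    Finding("staff-laptop-112", "VULN-D", 8.8, 2, "none"),
]

if __name__ == "__main__":
    for f in prioritise(FINDINGS):
        print(f"{risk_score(f):5.1f}  {f.asset:20} {f.vuln}  sev={f.severity} exploit={f.exploit}")
```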

Have a holistic view of assets
Managing the increasingly common bring-your-own-device culture can be a struggle for education institutions. This influx means that school systems are being accessed by a huge volume of unknown devices. For most schools, mapping such a vast array of assets can be incredibly complex. Discovering and managing unknown assets, including legacy systems, can be near impossible without the use of proper tools. But this is an integral first step - without complete visibility into these assets, security teams have no way to see, and ultimately, mitigate risk.

Therefore, acquiring tools, technologies, skills and services to understand the type and number of assets, applications and services should be a top priority for any security team. Doing so will enable schools to confidently define network boundaries and determine which devices are permitted to access sensitive data.

Security pivotal for the sector
Regardless of whether students are taking their first steps into elementary school or well into high school, weak security makes a tempting target for cybercriminals. K-12 schools must be informed about the very real impact of potential attacks and the preventative measures that should be undertaken, particularly during such a pivotal time for the sector.

Vulnerability management is a practice that must be adopted widely as the foundation to support schools’ IT systems. Without visibility into the threats of today and tomorrow, schools are at risk of a cyberattack with significant consequences.

Additionally, practising basic cyber hygiene and investing in tools to map assets and devices are essential now that remote learning has introduced a plethora of access points. Doing so will give school security teams the best chance of protecting sensitive personal data and enable schools to get on with doing what they do best - giving our children a great future.